Cookie policy
Cookie policy
When we use the following terms on this page, we mean:
‘you’ or ‘your’: the person using our site.
‘Starling’, ‘we’, ‘our’, or ‘us’: Starling Bank Limited, company number 09092149 registered at 5th Floor London Fruit and Wool Exchange, 1 Duval Square, London, United Kingdom, E1 6PW.
‘our site’ or ‘our website’: starlingbank.com, each of its web pages and subdomains, including www.starlingbank.com, help.starlingbank.com, settleup.starlingbank.com and app.starlingbank.com (unless we state otherwise).
Our cookie policy in brief
A cookie (or similar technology) allows us to:
distinguish you from other users of our site
recognise your preferences
provide security
deliver personalised content
make our site work more efficiently
This all helps us give you the best possible experience when you browse, and also allows us to make our site better for you.
We use session and persistent cookies, which are stored on your computer or electronic device unless you object (see below). Session cookies are cookies that expire at the end of your browsing session, whereas persistent cookies are stored on your device between sessions.
You can manage your cookie preferences at any time by clicking Manage cookies at the bottom of any page on our website or on the link below.
Manage your cookie preferencesOur full cookie policy
Types of cookies
Cookies are small files of letters and numbers. We store them on your browser or the hard drive of your computer or electronic device, unless you tell us not to (see the Control these cookies section below).
Our website uses two types of cookies: first and third-party cookies.
First-party cookies are cookies set by us, whereas third-party cookies are set by someone other than us and collect information about you. This information may then be sent to the third party.
Our online banking website at app.starlingbank.com only uses essential/necessary cookies.
All of our other sites (not including our online banking website and app.starling.com) hosts these categories of cookies:
Essential/necessary cookies for running the website. These cookies help you access our site by enabling basic functions like cookie consent. They’re essential to our site’s functionality and you cannot disable them.
Non-essential cookies for analytics, performance, functionality, and targeting. These cookies collect statistics to help us improve our site and ensure it works smoothly. This category includes third-party cookies that build a profile of your interests to make our marketing more relevant. By creating this profile, we can show you advertising on other websites and apps tailored to you, rather than generic content. These cookies also help us measure campaign effectiveness - for example, by noting if you begin an application after seeing an ad - and ensure you don’t see the same advert repeatedly. These cookies use a unique ID to recognize your browser and device; while this could identify you if combined with other data, they will not be set without your permission.
The table below explains the cookies we use and why.
Essential cookies
Provider
Purpose
Expiration
StarlingBankCookiePreferences
Starling Bank
Stores the user’s cookie consent state.
90 days
m
Stripe
Only used on settleup.starlingbank.com. Stripe is a payment processing service used on settleup.starlingbank.com. These cookies aid in fraud detection.
2 years
__stripe_mid
Stripe
Only used on settleup.starlingbank.com. Stripe is a payment processing service used on settleup.starlingbank.com. These cookies aid in fraud detection.
1 year
__stripe_sid
Stripe
Only used on settleup.starlingbank.com. Stripe is a payment processing service used on settleup.starlingbank.com. These cookies aid in fraud detection.
30 minutes
private_machine_identifier
Stripe
Only used on settleup.starlingbank.com. Stripe is a payment processing service used on settleup.starlingbank.com. These cookies aid in fraud detection.
1 year
stripe.csrf
Stripe
Only used on settleup.starlingbank.com. Stripe is a payment processing service used on settleup.starlingbank.com. These cookies aid in fraud detection.
Session
matomo_sessid
Matomo
Helps prevent CSRF security issues
14 days
StarlingBankCookiePreferences
Provider
Starling Bank
Purpose
Stores the user’s cookie consent state.
Expiration
90 days
m
Provider
Stripe
Purpose
Only used on settleup.starlingbank.com. Stripe is a payment processing service used on settleup.starlingbank.com. These cookies aid in fraud detection.
Expiration
2 years
__stripe_mid
Provider
Stripe
Purpose
Only used on settleup.starlingbank.com. Stripe is a payment processing service used on settleup.starlingbank.com. These cookies aid in fraud detection.
Expiration
1 year
__stripe_sid
Provider
Stripe
Purpose
Only used on settleup.starlingbank.com. Stripe is a payment processing service used on settleup.starlingbank.com. These cookies aid in fraud detection.
Expiration
30 minutes
private_machine_identifier
Provider
Stripe
Purpose
Only used on settleup.starlingbank.com. Stripe is a payment processing service used on settleup.starlingbank.com. These cookies aid in fraud detection.
Expiration
1 year
stripe.csrf
Provider
Stripe
Purpose
Only used on settleup.starlingbank.com. Stripe is a payment processing service used on settleup.starlingbank.com. These cookies aid in fraud detection.
Expiration
Session
matomo_sessid
Provider
Matomo
Purpose
Helps prevent CSRF security issues
Expiration
14 days
Analytical cookies
Provider
Purpose
Expiration
_ga
Google
Used to distinguish users.
2 years
_gid
Google
Used to distinguish users.
24 hours
_gat
Google
Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named dc_gtm_<property-id>.
1 minute
_gat_<container--id>
Google
Used to provide technical monitoring.
Session
_ga_<container-id>
Google
Used to persist session state.
2 years
_gac_gb_<container-id>
Google
Contains campaign related information.
90 days
AMP_TOKEN
Google
Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.
30 seconds to 1 year
_gac_<property-id>
Google
Contains campaign related information for the user.
90 days
_gaexp
Google
Used to determine a user’s inclusion in an experiment and the expiry of experiments a user has been included in.
Depends on the length of the experiment, but typically 90 days.
_opt_utmc
Google
Stores the last utm_campaign query parameter.
24 hours
_opt_expid
Google
This cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that is being redirected.
10 seconds
AEC
Google
Ensures that requests within a browsing session are made by the user, and not by other sites. These cookies prevent malicious sites from acting on behalf of a user without that user’s knowledge.
6 months
marketingAttributionUid
Starling Bank
Used to distinguish users.
Session
query
Starling Bank
Stores referral information from campaigns.
Session
_pk_id
Matomo
Used to store a few details about the user such as the unique visitor ID.
13 months
_pk_ses
Matomo
Short lived cookie used to temporarily store data for the visit.
30 minutes
_pk_hsr
Matomo
Short lived cookie used to temporarily store data for the visit.
30 minutes
_pk_ref
Matomo
Used to store the attribution information, the referrer initially used to visit the website.
6 months
ABTasty
AB Tasty
Used to determine a user's inclusion in an experiment, with campaign history and a timestamp.
13 months
ABTastySession
AB Tasty
Contains landing page URL. Also used to determine if new session.
30 minutes of inactivity
ABTastyDomainTest
AB Tasty
Checks that we are operating on the expected domain.
A few milliseconds
ph_posthog
PostHog
Stores a randomly generated anonymous identifier to recognise returning visitors and understand how people use the site over time.
1 year
_ga
Provider
Google
Purpose
Used to distinguish users.
Expiration
2 years
_gid
Provider
Google
Purpose
Used to distinguish users.
Expiration
24 hours
_gat
Provider
Google
Purpose
Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named dc_gtm_<property-id>.
Expiration
1 minute
_gat_<container--id>
Provider
Google
Purpose
Used to provide technical monitoring.
Expiration
Session
_ga_<container-id>
Provider
Google
Purpose
Used to persist session state.
Expiration
2 years
_gac_gb_<container-id>
Provider
Google
Purpose
Contains campaign related information.
Expiration
90 days
AMP_TOKEN
Provider
Google
Purpose
Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.
Expiration
30 seconds to 1 year
_gac_<property-id>
Provider
Google
Purpose
Contains campaign related information for the user.
Expiration
90 days
_gaexp
Provider
Google
Purpose
Used to determine a user’s inclusion in an experiment and the expiry of experiments a user has been included in.
Expiration
Depends on the length of the experiment, but typically 90 days.
_opt_utmc
Provider
Google
Purpose
Stores the last utm_campaign query parameter.
Expiration
24 hours
_opt_expid
Provider
Google
Purpose
This cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that is being redirected.
Expiration
10 seconds
AEC
Provider
Google
Purpose
Ensures that requests within a browsing session are made by the user, and not by other sites. These cookies prevent malicious sites from acting on behalf of a user without that user’s knowledge.
Expiration
6 months
marketingAttributionUid
Provider
Starling Bank
Purpose
Used to distinguish users.
Expiration
Session
query
Provider
Starling Bank
Purpose
Stores referral information from campaigns.
Expiration
Session
_pk_id
Provider
Matomo
Purpose
Used to store a few details about the user such as the unique visitor ID.
Expiration
13 months
_pk_ses
Provider
Matomo
Purpose
Short lived cookie used to temporarily store data for the visit.
Expiration
30 minutes
_pk_hsr
Provider
Matomo
Purpose
Short lived cookie used to temporarily store data for the visit.
Expiration
30 minutes
_pk_ref
Provider
Matomo
Purpose
Used to store the attribution information, the referrer initially used to visit the website.
Expiration
6 months
ABTasty
Provider
AB Tasty
Purpose
Used to determine a user's inclusion in an experiment, with campaign history and a timestamp.
Expiration
13 months
ABTastySession
Provider
AB Tasty
Purpose
Contains landing page URL. Also used to determine if new session.
Expiration
30 minutes of inactivity
ABTastyDomainTest
Provider
AB Tasty
Purpose
Checks that we are operating on the expected domain.
Expiration
A few milliseconds
ph_posthog
Provider
PostHog
Purpose
Stores a randomly generated anonymous identifier to recognise returning visitors and understand how people use the site over time.
Expiration
1 year
Functional cookies
Provider
Purpose
Expiration
yt-remote-cast-installed
youtube-nocookie.com
Stores the user’s video player preferences in HTML local storage using embedded YouTube video.
Session
yt-remote-connected-devices
youtube-nocookie.com
Stores the user’s video player preferences in HTML local storage using embedded YouTube video.
Persistent
yt-remote-device-id
youtube-nocookie.com
Stores the user’s video player preferences in HTML local storage using embedded YouTube video.
Persistent
yt-remote-fast-check-period
youtube-nocookie.com
Stores the user’s video player preferences in HTML local storage using embedded YouTube video.
Session
yt-remote-session-app
youtube-nocookie.com
Used to send data to Google Analytics about the visitor’s device and behaviour.
Session
yt-remote-session-name
youtube-nocookie.com
Stores the user’s video player preferences in HTML local storage using embedded YouTube video.
Session
yt-player-headers-readable
youtube-nocookie.com
Stores the user’s video player preferences using embedded YouTube video.
17 days
yt.innertube::requests
youtube-nocookie.com
Registers a unique ID to keep statistics of what videos from YouTube the user has seen.
Persistent
yt.innertube::nextId
youtube-nocookie.com
Registers a unique ID to keep statistics of what videos from YouTube the user has seen.
Persistent
yt-player-bandwidth
youtube-nocookie.com
To provide bandwidth estimations.
Session
yt-remote-cast-available
youtube-nocookie.com
Stores the user’s video player preferences using embedded YouTube video.
Persistent
OptanonAlertBoxClosed
Trustpilot
This cookie is set by websites using certain versions of the cookie law compliance solution from OneTrust. It is set after visitors have seen a cookie information notice and in some cases only when they actively close the notice down. It enables the website not to show the message more than once to a user.
1 year
OptanonConsent
Trustpilot
This cookie is set by the cookie compliance solution from OneTrust. It stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the users browser, when consent is not given.
1 year
__RequestVerificationToken
Trustpilot
This is an anti-forgery cookie set by web applications built using ASP.NET MVC technologies. It is designed to stop unauthorised posting of content to a website, known as Cross-Site Request Forgery. It holds no information about the user and is destroyed on closing the browser.
Session
_csrf
Trustpilot
This period shows the length of the period at which a service can store and/or read certain data from your computer by using a cookie, a pixel, an API, cookieless tracking, or other resources.
Session
SIDCC
Google
Provide the identification of trusted web traffic.
1 year
yt-remote-cast-installed
Provider
youtube-nocookie.com
Purpose
Stores the user’s video player preferences in HTML local storage using embedded YouTube video.
Expiration
Session
yt-remote-connected-devices
Provider
youtube-nocookie.com
Purpose
Stores the user’s video player preferences in HTML local storage using embedded YouTube video.
Expiration
Persistent
yt-remote-device-id
Provider
youtube-nocookie.com
Purpose
Stores the user’s video player preferences in HTML local storage using embedded YouTube video.
Expiration
Persistent
yt-remote-fast-check-period
Provider
youtube-nocookie.com
Purpose
Stores the user’s video player preferences in HTML local storage using embedded YouTube video.
Expiration
Session
yt-remote-session-app
Provider
youtube-nocookie.com
Purpose
Used to send data to Google Analytics about the visitor’s device and behaviour.
Expiration
Session
yt-remote-session-name
Provider
youtube-nocookie.com
Purpose
Stores the user’s video player preferences in HTML local storage using embedded YouTube video.
Expiration
Session
yt-player-headers-readable
Provider
youtube-nocookie.com
Purpose
Stores the user’s video player preferences using embedded YouTube video.
Expiration
17 days
yt.innertube::requests
Provider
youtube-nocookie.com
Purpose
Registers a unique ID to keep statistics of what videos from YouTube the user has seen.
Expiration
Persistent
yt.innertube::nextId
Provider
youtube-nocookie.com
Purpose
Registers a unique ID to keep statistics of what videos from YouTube the user has seen.
Expiration
Persistent
yt-player-bandwidth
Provider
youtube-nocookie.com
Purpose
To provide bandwidth estimations.
Expiration
Session
yt-remote-cast-available
Provider
youtube-nocookie.com
Purpose
Stores the user’s video player preferences using embedded YouTube video.
Expiration
Persistent
OptanonAlertBoxClosed
Provider
Trustpilot
Purpose
This cookie is set by websites using certain versions of the cookie law compliance solution from OneTrust. It is set after visitors have seen a cookie information notice and in some cases only when they actively close the notice down. It enables the website not to show the message more than once to a user.
Expiration
1 year
OptanonConsent
Provider
Trustpilot
Purpose
This cookie is set by the cookie compliance solution from OneTrust. It stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the users browser, when consent is not given.
Expiration
1 year
__RequestVerificationToken
Provider
Trustpilot
Purpose
This is an anti-forgery cookie set by web applications built using ASP.NET MVC technologies. It is designed to stop unauthorised posting of content to a website, known as Cross-Site Request Forgery. It holds no information about the user and is destroyed on closing the browser.
Expiration
Session
_csrf
Provider
Trustpilot
Purpose
This period shows the length of the period at which a service can store and/or read certain data from your computer by using a cookie, a pixel, an API, cookieless tracking, or other resources.
Expiration
Session
SIDCC
Provider
Google
Purpose
Provide the identification of trusted web traffic.
Expiration
1 year
Advertising and targeting cookies
Provider
Purpose
Expiration
DSID
doubleclick.net
Used to link user’s activity across devices if they’ve previously signed in to a Google Account on another device.
399 days
IDE
doubleclick.net
Used for advertising Google serves across the web on non-Google sites.
399 days
RUL
doubleclick.net
Used by Google DoubleClick to determine whether website advertisement has been properly displayed.
399 days
ar-debug
doubleclick.net
To store and track conversions.
Persistent
1P_JAR
Google
To provide ad delivery or retargeting.
1 month
ANID
Google
Used to customise ads on Google properties, like Google Search.
1 month
CONSENT
Google
Used to store cookie consent preferences.
Persistent
NID
Google
Used to remember information that changes the way the site behaves or looks, such as your preferred language or the region a user is in.
1 month
__Secure-3PAPISID
Google
Used by Google for targeting purposes to build a profile of the website visitor’s interests in order to show relevant & personalised Google advertising.
2 years
__Secure-3PSID
Google
Used by Google for targeting purposes to build a profile of the website visitor’s interests in order to show relevant & personalised Google advertising.
2 years
__Secure-3PSIDCC
Google
Used by Google for targeting purposes to build a profile of the website visitor’s interests in order to show relevant & personalised Google advertising.
2 years
__Secure-1PAPISID
Google
For targeting purposes to build a profile of the website visitor's interests in order to show relevant & personalised Google advertising
1 year
__Secure-1PSIDCC
Google
Used by Google for targeting purposes to build a profile of the website visitor's interests in order to show relevant & personalised Google advertising
1 year
__Secure-1PSIDTS
Google
Used by Google for targeting purposes to build a profile of the website visitor's interests in order to show relevant & personalised Google advertising
1 year
__Secure-3PSIDTS
Google
Used by Google for targeting purposes to build a profile of the website visitor's interests in order to show relevant & personalised Google advertising
2 years
receive-cookie-deprecation
Google
To identify certain Google Chrome browsers affected by the third-party cookie deprecation
180 days
test_cookie
Google
Used by Google to check if your browser supports cookies.
15 minutes
id
Google
Used for purposes related to Functionality and Advertising.
OPT_OUT: fixed expiration (year 2030/11/09), non-OPT_OUT: 13 months EEA UK / 24 months elsewhere
pm_sess
Google
Prevent malicious sites acting without a user’s knowledge and as if they were that user.
30 minutes
pm_sess_NNN
Google
Prevent malicious sites acting without a user’s knowledge and as if they were that user.
30 minutes
aboutads_sessNNN
Google
Allow users to interact with a service or site to access features that are fundamental to that service. Used to authenticate users, prevent fraud, and protect users as they interact with a service.
30 minutes
FPAU
Google
Used for analytics to help collect data that allows services to understand how users interact with a particular service.
90 days
AID
Google
Used for targeting purposes to store Google IDs so that your activity can be linked across devices (if you’ve previously signed in to your Google Account on another device), in order to show relevant & personalised advertising across all devices.
13 months EEA UK / 540 days elsewhere
TAID
Google
Used for targeting purposes to store Google IDs so that your activity can be linked across devices (if you’ve previously signed in to your Google Account on another device), in order to show relevant & personalised advertising across all devices.
14 days
FPGCLDC
Google
Used to help advertisers determine how many times users who click on their ads end up taking an action on their site.
90 days
_gcl_dc
Google
Used by various Google Marketing platforms to link conversions from previous clicks to new sales.
90 days
_gcl_au
Google
Used to monitor how many times people who click on ads end up taking an action on the site (e.g. making a purchase) to allow Google advertising to determine that you clicked an ad and later visited the site.
90 days
FLC
Google
Used by Google AdSense DoubleClick to limit the frequency of advertisements so that the user does not see the same advertisement repeatedly. This cookie expires when the session ends.
10 seconds
__gads
Google
Used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the site’s ads reports.
13 months
SSID
Google
Enables Google to collect user information for videos hosted by YouTube.
2 years
HSID
Google
To provide fraud prevention.
2 years
__Secure-ENID
Google
Google, to remember your preferences and other information.
13 months
__Secure-1PSID
Google
Used for targeting purposes to build a profile of the visitor’s interests in order to show relevant & personalised Google advertising.
2 years
SID
Google
To provide ad delivery or retargeting, provide fraud prevention.
2 years
SAPISID
Google
To display personalised advertisements on Google sites, based on recent searches and previous interactions.
2 years
APISID
Google
To collect user information for videos hosted by YouTube.
2 years
AEC
Google
Ensures that requests within a browsing session are made by the user, and not by other sites. These cookies prevent malicious sites from acting on behalf of a user without that user’s knowledge.
2 years
_GRECAPTCHA
Google reCAPTCHA
To provide spam protection.
Session
(M)UID
Microsoft Inc. / Bing
Used to store anonymous Microsoft user ID. Used by Bing to allow synchronising of the ID across Microsoft domains & to ensure that clicks from adverts on the Bing search engine are verified for reporting purposes and for personalisation.
1 year
_uetmsclkid
Microsoft Inc. / Bing
Used to track accurate conversions by user ID from click-throughs from Microsoft Advertising (Bing).
90 days
_uetsid
Microsoft Inc. / Bing
This contains the session ID for a unique session on the site.
1 day
_uetvid
Microsoft Inc. / Bing
This assigns a unique, anonymised visitor ID, representing a unique visitor.
16 days
__cf_bm
CloudFlare
To read and filter requests from bots.
30 minutes
_fbp
Meta (Facebook/Instagram)
Identifies browsers for the purposes of providing advertising and site analytics services
90 days
_fbc
Meta (Facebook/Instagram)
Advertising and site analytics purposes
After 2 years
Sb
Meta (Facebook/Instagram)
Enable us to identify your browser securely
After browser session ends
Dbln
Meta (Facebook/Instagram)
Enable us to identify your browser securely
After browser session ends
Datr
Meta (Facebook/Instagram)
Unique identifier for your browser that, amongst other things, helps us protect you from fraud
After 2 years
fr
Meta (Facebook/Instagram)
Used to deliver, measure and improve the relevancy of ads
90 days
oo
Meta (Facebook/Instagram)
To help you opt out of seeing ads from Meta based on your activity on third-party websites
After 2 years
dpr
Meta (Facebook/Instagram)
For purposes including to deliver an optimal experience for your device's screen
7 days
wd
Meta (Facebook/Instagram)
For purposes including to deliver an optimal experience for your device's screen
7 days
usida
Meta (Facebook/Instagram)
Collects a combination of the user’s browser and a unique identifier used by Meta (formerly Facebook) to tailor advertising to users
After browser session ends
PRESENCE
Meta (Instagram)
Used by Meta (formerly Facebook) to store ad display frequency (Instagram)
After browser session ends
C_USER
Meta (Facebook/Instagram)
Used by Meta (formerly Facebook) to store a unique user ID
30 days
XS
Meta (Facebook/Instagram)
Used by Meta (formerly Facebook) to store a unique session ID
90 days
lastExternalReferrer
Meta (Facebook/Instagram)
Detects how the user reached the website
Persistent
lastExternalReferrerTime
Meta (Facebook/Instagram)
Detects how the user reached the website
Persistent
topicsLastReferenceTime
Meta (Facebook/Instagram)
Used to make advertisement more relevant
Persistent
_ttp
TikTok
To measure and improve the performance of advertising campaigns and to personalize the customer experience (including ads) on TikTok.
13 months from the last date it was used
ttcsid_
TikTok
To measure and improve the performance of advertising campaigns and to personalize the customer experience (including ads) on TikTok.
13 months from the last date it was used
ttclid
TikTok
To measure and improve the performance of advertising campaigns and to personalize the customer experience (including ads) on TikTok.
13 months from the last date it was used
_pangle
TikTok
To measure and improve the performance of your advertising campaigns and to personalize the customer's ad experiences delivered by the TikTok Pangle ad network.
13 months from the last date it was used
_rdt_em
Reddit
This cookie is set by the Reddit Pixel to store event match information. It helps Reddit attribute website actions to advertising campaigns and optimise ad delivery.
3 months
_rdt_uuid
Reddit
This cookie is set by the Reddit Pixel to store event match information. It helps Reddit attribute website actions to advertising campaigns and optimise ad delivery.
3 months
_rdt_pn
Reddit
The _rdt_pn cookie stores identifiers and interaction data to enable retargeting, personalised marketing, and campaign performance measurement.
3 months
DSID
Provider
doubleclick.net
Purpose
Used to link user’s activity across devices if they’ve previously signed in to a Google Account on another device.
Expiration
399 days
IDE
Provider
doubleclick.net
Purpose
Used for advertising Google serves across the web on non-Google sites.
Expiration
399 days
RUL
Provider
doubleclick.net
Purpose
Used by Google DoubleClick to determine whether website advertisement has been properly displayed.
Expiration
399 days
ar-debug
Provider
doubleclick.net
Purpose
To store and track conversions.
Expiration
Persistent
1P_JAR
Provider
Google
Purpose
To provide ad delivery or retargeting.
Expiration
1 month
ANID
Provider
Google
Purpose
Used to customise ads on Google properties, like Google Search.
Expiration
1 month
CONSENT
Provider
Google
Purpose
Used to store cookie consent preferences.
Expiration
Persistent
NID
Provider
Google
Purpose
Used to remember information that changes the way the site behaves or looks, such as your preferred language or the region a user is in.
Expiration
1 month
__Secure-3PAPISID
Provider
Google
Purpose
Used by Google for targeting purposes to build a profile of the website visitor’s interests in order to show relevant & personalised Google advertising.
Expiration
2 years
__Secure-3PSID
Provider
Google
Purpose
Used by Google for targeting purposes to build a profile of the website visitor’s interests in order to show relevant & personalised Google advertising.
Expiration
2 years
__Secure-3PSIDCC
Provider
Google
Purpose
Used by Google for targeting purposes to build a profile of the website visitor’s interests in order to show relevant & personalised Google advertising.
Expiration
2 years
__Secure-1PAPISID
Provider
Google
Purpose
For targeting purposes to build a profile of the website visitor's interests in order to show relevant & personalised Google advertising
Expiration
1 year
__Secure-1PSIDCC
Provider
Google
Purpose
Used by Google for targeting purposes to build a profile of the website visitor's interests in order to show relevant & personalised Google advertising
Expiration
1 year
__Secure-1PSIDTS
Provider
Google
Purpose
Used by Google for targeting purposes to build a profile of the website visitor's interests in order to show relevant & personalised Google advertising
Expiration
1 year
__Secure-3PSIDTS
Provider
Google
Purpose
Used by Google for targeting purposes to build a profile of the website visitor's interests in order to show relevant & personalised Google advertising
Expiration
2 years
receive-cookie-deprecation
Provider
Google
Purpose
To identify certain Google Chrome browsers affected by the third-party cookie deprecation
Expiration
180 days
test_cookie
Provider
Google
Purpose
Used by Google to check if your browser supports cookies.
Expiration
15 minutes
id
Provider
Google
Purpose
Used for purposes related to Functionality and Advertising.
Expiration
OPT_OUT: fixed expiration (year 2030/11/09), non-OPT_OUT: 13 months EEA UK / 24 months elsewhere
pm_sess
Provider
Google
Purpose
Prevent malicious sites acting without a user’s knowledge and as if they were that user.
Expiration
30 minutes
pm_sess_NNN
Provider
Google
Purpose
Prevent malicious sites acting without a user’s knowledge and as if they were that user.
Expiration
30 minutes
aboutads_sessNNN
Provider
Google
Purpose
Allow users to interact with a service or site to access features that are fundamental to that service. Used to authenticate users, prevent fraud, and protect users as they interact with a service.
Expiration
30 minutes
FPAU
Provider
Google
Purpose
Used for analytics to help collect data that allows services to understand how users interact with a particular service.
Expiration
90 days
AID
Provider
Google
Purpose
Used for targeting purposes to store Google IDs so that your activity can be linked across devices (if you’ve previously signed in to your Google Account on another device), in order to show relevant & personalised advertising across all devices.
Expiration
13 months EEA UK / 540 days elsewhere
TAID
Provider
Google
Purpose
Used for targeting purposes to store Google IDs so that your activity can be linked across devices (if you’ve previously signed in to your Google Account on another device), in order to show relevant & personalised advertising across all devices.
Expiration
14 days
FPGCLDC
Provider
Google
Purpose
Used to help advertisers determine how many times users who click on their ads end up taking an action on their site.
Expiration
90 days
_gcl_dc
Provider
Google
Purpose
Used by various Google Marketing platforms to link conversions from previous clicks to new sales.
Expiration
90 days
_gcl_au
Provider
Google
Purpose
Used to monitor how many times people who click on ads end up taking an action on the site (e.g. making a purchase) to allow Google advertising to determine that you clicked an ad and later visited the site.
Expiration
90 days
FLC
Provider
Google
Purpose
Used by Google AdSense DoubleClick to limit the frequency of advertisements so that the user does not see the same advertisement repeatedly. This cookie expires when the session ends.
Expiration
10 seconds
__gads
Provider
Google
Purpose
Used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the site’s ads reports.
Expiration
13 months
SSID
Provider
Google
Purpose
Enables Google to collect user information for videos hosted by YouTube.
Expiration
2 years
HSID
Provider
Google
Purpose
To provide fraud prevention.
Expiration
2 years
__Secure-ENID
Provider
Google
Purpose
Google, to remember your preferences and other information.
Expiration
13 months
__Secure-1PSID
Provider
Google
Purpose
Used for targeting purposes to build a profile of the visitor’s interests in order to show relevant & personalised Google advertising.
Expiration
2 years
SID
Provider
Google
Purpose
To provide ad delivery or retargeting, provide fraud prevention.
Expiration
2 years
SAPISID
Provider
Google
Purpose
To display personalised advertisements on Google sites, based on recent searches and previous interactions.
Expiration
2 years
APISID
Provider
Google
Purpose
To collect user information for videos hosted by YouTube.
Expiration
2 years
AEC
Provider
Google
Purpose
Ensures that requests within a browsing session are made by the user, and not by other sites. These cookies prevent malicious sites from acting on behalf of a user without that user’s knowledge.
Expiration
2 years
_GRECAPTCHA
Provider
Google reCAPTCHA
Purpose
To provide spam protection.
Expiration
Session
(M)UID
Provider
Microsoft Inc. / Bing
Purpose
Used to store anonymous Microsoft user ID. Used by Bing to allow synchronising of the ID across Microsoft domains & to ensure that clicks from adverts on the Bing search engine are verified for reporting purposes and for personalisation.
Expiration
1 year
_uetmsclkid
Provider
Microsoft Inc. / Bing
Purpose
Used to track accurate conversions by user ID from click-throughs from Microsoft Advertising (Bing).
Expiration
90 days
_uetsid
Provider
Microsoft Inc. / Bing
Purpose
This contains the session ID for a unique session on the site.
Expiration
1 day
_uetvid
Provider
Microsoft Inc. / Bing
Purpose
This assigns a unique, anonymised visitor ID, representing a unique visitor.
Expiration
16 days
__cf_bm
Provider
CloudFlare
Purpose
To read and filter requests from bots.
Expiration
30 minutes
_fbp
Provider
Meta (Facebook/Instagram)
Purpose
Identifies browsers for the purposes of providing advertising and site analytics services
Expiration
90 days
_fbc
Provider
Meta (Facebook/Instagram)
Purpose
Advertising and site analytics purposes
Expiration
After 2 years
Sb
Provider
Meta (Facebook/Instagram)
Purpose
Enable us to identify your browser securely
Expiration
After browser session ends
Dbln
Provider
Meta (Facebook/Instagram)
Purpose
Enable us to identify your browser securely
Expiration
After browser session ends
Datr
Provider
Meta (Facebook/Instagram)
Purpose
Unique identifier for your browser that, amongst other things, helps us protect you from fraud
Expiration
After 2 years
fr
Provider
Meta (Facebook/Instagram)
Purpose
Used to deliver, measure and improve the relevancy of ads
Expiration
90 days
oo
Provider
Meta (Facebook/Instagram)
Purpose
To help you opt out of seeing ads from Meta based on your activity on third-party websites
Expiration
After 2 years
dpr
Provider
Meta (Facebook/Instagram)
Purpose
For purposes including to deliver an optimal experience for your device's screen
Expiration
7 days
wd
Provider
Meta (Facebook/Instagram)
Purpose
For purposes including to deliver an optimal experience for your device's screen
Expiration
7 days
usida
Provider
Meta (Facebook/Instagram)
Purpose
Collects a combination of the user’s browser and a unique identifier used by Meta (formerly Facebook) to tailor advertising to users
Expiration
After browser session ends
PRESENCE
Provider
Meta (Instagram)
Purpose
Used by Meta (formerly Facebook) to store ad display frequency (Instagram)
Expiration
After browser session ends
C_USER
Provider
Meta (Facebook/Instagram)
Purpose
Used by Meta (formerly Facebook) to store a unique user ID
Expiration
30 days
XS
Provider
Meta (Facebook/Instagram)
Purpose
Used by Meta (formerly Facebook) to store a unique session ID
Expiration
90 days
lastExternalReferrer
Provider
Meta (Facebook/Instagram)
Purpose
Detects how the user reached the website
Expiration
Persistent
lastExternalReferrerTime
Provider
Meta (Facebook/Instagram)
Purpose
Detects how the user reached the website
Expiration
Persistent
topicsLastReferenceTime
Provider
Meta (Facebook/Instagram)
Purpose
Used to make advertisement more relevant
Expiration
Persistent
_ttp
Provider
TikTok
Purpose
To measure and improve the performance of advertising campaigns and to personalize the customer experience (including ads) on TikTok.
Expiration
13 months from the last date it was used
ttcsid_
Provider
TikTok
Purpose
To measure and improve the performance of advertising campaigns and to personalize the customer experience (including ads) on TikTok.
Expiration
13 months from the last date it was used
ttclid
Provider
TikTok
Purpose
To measure and improve the performance of advertising campaigns and to personalize the customer experience (including ads) on TikTok.
Expiration
13 months from the last date it was used
_pangle
Provider
TikTok
Purpose
To measure and improve the performance of your advertising campaigns and to personalize the customer's ad experiences delivered by the TikTok Pangle ad network.
Expiration
13 months from the last date it was used
_rdt_em
Provider
Reddit
Purpose
This cookie is set by the Reddit Pixel to store event match information. It helps Reddit attribute website actions to advertising campaigns and optimise ad delivery.
Expiration
3 months
_rdt_uuid
Provider
Reddit
Purpose
This cookie is set by the Reddit Pixel to store event match information. It helps Reddit attribute website actions to advertising campaigns and optimise ad delivery.
Expiration
3 months
_rdt_pn
Provider
Reddit
Purpose
The _rdt_pn cookie stores identifiers and interaction data to enable retargeting, personalised marketing, and campaign performance measurement.
Expiration
3 months
Advertising Click IDs
When you click through to our website from a Starling ad served by one of our advertising partners, a tracking tag called a ‘click ID’ is added to our website URL.
We use click IDs from the below providers to see which of our ads are working best. They help us understand things like how many people go on to apply for a Starling account after interacting with an ad. Click IDs also allow us to measure and improve the performance of our ad campaigns. If you take an action such as starting an application after you have interacted with an advert, we share the Click ID and a record of the activity with the ad provider (like Google or Meta). We do not share any directly identifiable personal details such as your name or email.
Google - GCLID
Meta - FBCLID
Unless we say otherwise in this document, we’ll only keep the click ID for 1 month.
Control these cookies
You can manage your cookie preferences at any time by clicking Manage cookies at the bottom of any page on our website. You can also do it by clicking the link below.
Manage your cookie preferencesIf you prefer, you can adjust the settings in your web browser to limit or completely block cookies.
If you’ve enabled third-party persistent cookies on our site before, you’ll need to visit each third party website to change your privacy choices. We can’t change those settings for you.
Except for essential/necessary and session cookies, we’ll ask you if you wish to consent to the use of non-essential cookies set by us every 90 days. Third party and other cookies will expire in accordance with their individual cookie policies.
We may update our cookie policy at any time by amending this page. Please check back from time to time to see if we’ve made any changes.
Last updated 16th December 2025